Web surfers put security at risk using one password

IT security and control firm Sophos is urging all computer users to assess the strength of their passwords and ensure they are choosing a unique password for every sensitive account, in order to thwart hackers and protect their personal and corporate identities.

The warning follows numerous recent cyber-attacks, whereby fraudsters have bypassed password security in order to break into Web mail and social networking sites.

Despite high-profile security breaches such as Jack Straw's Hotmail account being compromised, and cyber-criminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every Web site they access, according to a Sophos poll conducted earlier this month.

The following responses were obtained from the survey:

Do you use the same password for multiple Web sites?

Yes, all the time - 33%
I have a few different passwords - 48%
No, never - 19%

According to experts at Sophos, many computer users continue to overlook the importance of choosing strong passwords. When asked the same question three years ago, 41% admitted to using the same password for all Web sites, with just 14% always using a different one.

"It is a concern that in three years, very few computer users seem to have woken up to the risks of using weak passwords and the same password for every site they visit," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

"The growing popularity of social networking means there is even more on offer for hackers. By using the same password to access Facebook, Amazon and your online bank account, for example, you're making it much easier for cyber-criminals. Once one password has been compromised, it's only a matter of time before a fraudster will be able to gain access to your other accounts and steal information for financial gain," Myroff says.

Sophos advises all computer users to ensure they don't use dictionary words as passwords, as it is relatively easy for hackers to figure these out using electronic dictionaries that simply try out every word until they get the right one. Furthermore, it's important not to choose common passwords like 'admin' or '1234', as cyber-criminals also check these first.

In fact, the Conficker worm uses lists of 200 common passwords to try and gain access to other computers on the network, meaning that if one employee is infected, the whole corporate network could quickly be compromised if strong passwords are not enforced.

"Computer users tend to pick dictionary words as they're much easier to remember. A good strategy is to pick a sentence and just use the first letter of every word to make up a password. Numbers can also be substituted for words, such as '4' instead of 'for', to ensure a stronger password and prevent anyone from guessing it.

"While there is still the issue of having to remember multiple passwords, there are some good password management systems that will encrypt all your passwords and only allow you to access them with the master password - of course, it's essential that this password is as strong as possible," Myroff adds.

For further information, including a video and podcast offering tips about password security, visit: http://www.sophos.com/blogs/gc/g/2009/03/10/password-website/

* Sophos online survey, March 2009, 676 respondents

Sophos South Africa

NetXactics, trading as Sophos South Africa, is a South African-based company focused on the provision of security solutions. It is the Master Distributor for UK-based Sophos, one of the leaders in the provision of network access control and endpoint, e-mail and Web security and control solutions for the corporate environment. For more information, visit Sophos South Africa at www.sophos.co.za.

Sophos

Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, Web and e-mail solutions simplify security to provide integrated defences against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognised for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications. Sophos is headquartered in Boston, Massachusetts and Oxford, UK.

Editorial contacts

Adriaan du Plessis
Me Talk Pretty
(011) 447-3785
metalkpretty@telkomsa.net
Brett Myroff
Sophos South Africa
(011) 444 4000
brettm@sophos.co.za